Announcement

Collapse
No announcement yet.

Decrypting a Hash Password.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • V8N3T
    replied
    thanks for all your support every1. I did alot of reasearch on my own, but when you hit that wall you need some help. And yall have done just that, thanks again every1. love the forum : ]

    Leave a comment:


  • LosT
    replied
    Originally posted by TheCotMan
    I've grown to like:
    "(s)he who knows not, and knows not how to research is ingnorant and deserves to be ignored."

    It's like telling people to 'google it' and having them reply with, "google did not help," or, "google did not return anything." When you verify that google does help, you know they are unwilling or unable to research.

    Exactly my point earlier...the concepts behind hashes should be easy to get from Google...pretty standard info. I usually don't like the 'give me the answer' people, but prefer the 'help me get the answer, I'm working on it but I'm stuck' people. I always strive to be that kind of a person when seeking help.

    LosT

    Leave a comment:


  • dev_zero
    replied
    Take a look at rainbowcrack, it uses rainbow tables to bruteforce hashes.
    http://www.antsight.com/zsl/rainbowcrack/

    Leave a comment:


  • TheCotMan
    replied
    Originally posted by Floydr47
    show me a man who claims to know everthing there is to know and I'll show you a damned liar.
    3 Curious humans waiting to asked questions of the Great Oracle of Delphi, and each can learn from the those who preceed them.

    Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
    Curious Human 1: Could ask any question on any topic?
    Oracle: YES.
    Curious Human 1: Oh! What are the lottery numbers tomorrow?
    Oracle: YOU ASKED YOUR QUESTION. NEXT!

    Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
    Curious Human 2: What will the score of the game tomorrow be, before it starts?
    Oracle: ZERO TO ZERO! NEXT!

    Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
    Curious Human 3: How can I know as much as you, Great Oracle?
    Oracle: YOU DON'T NEED TO KNOW THAT!

    Originally posted by badkarma
    ..."He who knows not ..."
    I've grown to like:
    "(s)he who knows not, and knows not how to research is ingnorant and deserves to be ignored."

    It's like telling people to 'google it' and having them reply with, "google did not help," or, "google did not return anything." When you verify that google does help, you know they are unwilling or unable to research.
    Last edited by TheCotMan; April 5, 2005, 10:47.

    Leave a comment:


  • Badkarma
    replied
    As far as being confusing, many things about computers are confusing to me, usually however, after logical discussion they seem to be more clear
    Same thing goes for me, specially when its analogy time :)
    It is true that reading maketh a full man.
    ...reminds me of the men of four.

    "He who knows not and knows not that he knows not is a fool; shun him.
    He who knows not and knows that he knows not is a child; teach him.
    He who knows but knows not that he knows is asleep; wake him.
    He who knows and knows that he knows is wise; follow him."

    BK

    Leave a comment:


  • Floydr47
    replied
    Originally posted by LosT
    Hehhee, true, but if they are having problems with something like simple one way hashes, then RSA would be totally confusing...I cross what? Where? Huh? ;)

    LosT
    Personally I have never had a problem with "simple one way hashes" because had it not been for this discussion I probably would have never given them a second thought. As far as being confusing, many things about computers are confusing to me, usually however, after logical discussion they seem to be more clear. I understand more about hashes now than if I had never read this thread. I am quite sure that given time and solid information I would understand RSA as well as anyone. Life is a learning experience, show me a man who claims to know everthing there is to know and I'll show you a damned liar.

    Leave a comment:


  • LosT
    replied
    Originally posted by Voltage Spike
    Bah! RSA is the easy one (especially for mathmagicians). I could explain it to someone in less than an hour.

    Proving it, though...

    Hehhee, true, but if they are having problems with something like simple one way hashes, then RSA would be totally confusing...I cross what? Where? Huh? ;)

    LosT

    Leave a comment:


  • Voltage Spike
    replied
    Originally posted by LosT
    You think that is bad, lets really start confusing people and explaining the RSA algs for encryption...
    Bah! RSA is the easy one (especially for mathmagicians). I could explain it to someone in less than an hour.

    Proving it, though...

    Leave a comment:


  • LosT
    replied
    You think that is bad, lets really start confusing people and explaining the RSA algs for encryption... ;)

    LosT

    Leave a comment:


  • V8N3T
    replied
    wow...thanks for the reply's all. Thats exactly what I was needing.....thanks a bunch every1.

    Leave a comment:


  • Voltage Spike
    replied
    Originally posted by Floydr47
    Would the hash for "bannana" remain the same whether it was, say for instance, an AOL password or an MSN password or would each create it's own hash?
    Each program tends to use its own little tricks and algorithms, so the hashes tend to be different.

    Note that if the hashing technique is the same, obtaining the hash may be as good as obtaining the password. Some applications go out of their way to avoid this problem by adding, for example, the application name or the name of the authenticating server. This is merely a more advanced technique of salting (also called nonce depending on the context).

    Originally posted by Floydr47
    If the hash changed from one to the other then the theory of hashing a dictionary + 2 wouldn't hold water would it?
    In the real world, people tend to use the same password for multiple accounts. Although the database is specific to one application, cracking that application yields access to the other accounts.

    Leave a comment:


  • TheCotMan
    replied
    Originally posted by astcell
    SQL may be overkill but it will be faster with a big dictionary of course. So, who'se up to it?
    Though more like a flat-file with special searching and indexing in memory than a DB, it has "kind of" been done with alphanumeric passwords even though L0pht had similar ideas in their presentation for future releases.
    Similar techniques were used in the "Early days" when trying to break WEP before flaws in the original protocol were exposed.

    Since Proofs Of Concept have been made available, the act of using a larger dictionary is only limited by resources available. Also, this problem lends itself very well to using distributed computing in an attack and can scale very well.

    Your target is someone with lots of memory and disk space, or a farm of systems they can (ab)use with a total of free-space and RAM that is large and some coding or DB skills.
    Last edited by TheCotMan; April 3, 2005, 23:50.

    Leave a comment:


  • Floydr47
    replied
    Would the hash for "bannana" remain the same whether it was, say for instance, an AOL password or an MSN password or would each create it's own hash? If the hash changed from one to the other then the theory of hashing a dictionary + 2 wouldn't hold water would it? I mean the English language contains some 68,000 +/- words and a hash system would contain an infinite number of combinations...not being a smart ass, just thinking out loud.

    Leave a comment:


  • astcell
    replied
    SQL may be overkill but it will be faster with a big dictionary of course. So, who'se up to it?

    Leave a comment:


  • TheCotMan
    replied
    Originally posted by astcell
    Hmmm, the only thing needed would be a small coded algorithm which would read one file,maybe a .txt file, then generate the hashed password in a comma delimited file.
    Or maybe a SQL DB optimized for searching? Only need one table with two fields (hash / plain-text) and a query for each hash lookup. DB abstraction and overhead allows for distribution too. Ordered lists in RAM would be faster, but RAM is more expensive than Secondary Storage (HD/CD/DVD/etc)

    Is this called warhashing?
    I AM CORNHOLIO! Are you threatening me? heh heh. :-)

    [Maybe I should start war-sleeping. heh heh hrm. yeah!]
    Last edited by TheCotMan; April 3, 2005, 23:04. Reason: [added content]

    Leave a comment:

Working...
X